-3

I currently have a website that allows me to send values from a simple form to a machine that works with a "URL encode" format like this :

In project.html page :

<form method="post" action="go.php">
<select name="project">
<option value="My%20first%20project%20is%20%2Bgreen">1st project (green)</option>
<option value="My%20second%20project%20is%20%2Bblue">2nd project (blue)</option>
</select>
</form>

It works for my machine but I want to see and to save in an other page the result. I created this :

In go.php page :

<?php echo $_POST['project']; ?>

The problem is that the displayed result in the go.php page is raw: "My%20first%20project%20is%20%2Bgreen"

I would like one of these 2 solutions to fix this:

1 - Is it possible to interpret the URL language encoded in HTML so that each character is displayed as in UTF-8?

2 - Is it possible to add another value to each option that would be read by the $_POST ? For example :

<form method="post" action="go.php">
<select name="project">
<option value="My%20first%20project%20is%20%2Bgreen" value2="Project Green">1st project (green)</option>
<option value="My%20second%20project%20is%20%2Bblue" value2="Project blue">2nd project (blue)</option>
</select>
</form>

But how to extract the "value2" value in my PHP page ?

Thank you very much for your help !

I tried inserting the value in an iframe tag hoping the url would be read raw but it didn't work:

go.php page :

<html>
<body>
<iframe src="<?php echo $_POST['project']; ?>"></iframe>
</body>
</html>

I tried this to :

<html>
<body>
<iframe src="http://<?php echo $_POST['project']; ?>"></iframe>
</body>
</html>

But the iframe does not display the result

I read the other answers on this forum and I did not find an answer.

Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
trebmal14
  • 1
  • 1
  • _"The problem is that the displayed result in the go.php page is raw"_ - submitting a form makes the browser automatically apply URL encoding, so what you are sending is now simply URL-encoded _twice_. – CBroe Aug 14 '23 at 11:04
  • 1
    _"Is it possible to interpret the URL language encoded in HTML"_ - what is _"URL language encoded in HTML"_ supposed to mean? And what _actual_ problem are you trying to solve here in the first place? – CBroe Aug 14 '23 at 11:05
  • On the second thought, it's hard to understand what is asked here. In case you are asking why some website adds My%20first%20project%20is%20%2Bgreen instead of My first project is +green, **we cannot know that**. As well as how to alter that value to something else. You should ask the site owner/programmer – Your Common Sense Aug 14 '23 at 11:06
  • _"2 - Is it possible to add another value to each option that would be read by the $_POST ?"_ - [Can an Option in a Select tag carry multiple values?](https://stackoverflow.com/q/3245967/1427878) – CBroe Aug 14 '23 at 11:07
  • Not sure if it's obvious for you, but your best bet is to make it ``. Or you can use urldecode()/parse_str() in go.php – Your Common Sense Aug 14 '23 at 11:08
  • 1
    _"I tried inserting the value in an iframe tag"_ - that is a rather bad idea to begin with, at least if you don't check the submitted value against a list of allowed values. In this ultra-primitive form you have definitively created yourself an XSS attack vector there, and even if you properly escaped this for the HTML context, it would still allow to load any _arbitrary_ URL into your iframe. – CBroe Aug 14 '23 at 11:09
  • Note that utf8 has a special meaning that is irrelevant here – Your Common Sense Aug 14 '23 at 11:13

0 Answers0